package com.bjpowernode.springsecurity01.config;

import com.bjpowernode.springsecurity01.filter.CaptchaCodeFilter;
import com.bjpowernode.springsecurity01.handle.AppAccessDeniedHandler;
import com.bjpowernode.springsecurity01.handle.AppAuthenticationFailureHandler;
import com.bjpowernode.springsecurity01.handle.AppAuthenticationSuccessHandler;
import com.bjpowernode.springsecurity01.handle.AppLogoutSuccessHandler;
import com.bjpowernode.springsecurity01.service.impl.AppUserServiceImpl;
import jakarta.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableMethodSecurity(prePostEnabled = true)
public class MySecurityConfiguration {

    @Resource
    private AppAccessDeniedHandler appAccessDeniedHandler;

    @Resource
    private AppAuthenticationSuccessHandler appAuthenticationSuccessHandler;

    @Resource
    private AppAuthenticationFailureHandler appAuthenticationFailureHandler;

    @Resource
    private AppLogoutSuccessHandler appLogoutSuccessHandler;

    @Resource
    private AppUserServiceImpl appUserServiceImpl;

    @Resource
    private CaptchaCodeFilter captchaCodeFilter;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {

        httpSecurity.addFilterBefore(captchaCodeFilter, UsernamePasswordAuthenticationFilter.class);

        httpSecurity.userDetailsService(appUserServiceImpl);

        httpSecurity.exceptionHandling(exception -> exception.accessDeniedHandler(appAccessDeniedHandler));

        httpSecurity.formLogin(handler -> handler
                .usernameParameter("uname")
                .passwordParameter("pwd")
                .loginProcessingUrl("/toLogin")
                .loginProcessingUrl("/login/doLogin")
                .successHandler(appAuthenticationSuccessHandler)
                .failureHandler(appAuthenticationFailureHandler));



        //放行登录等请求  不需要security验证token的地址写到这里
        //除了/toLogin /login/doLogin 之外的其他请求，都需要security验证token
        httpSecurity.authorizeHttpRequests(request ->
                request.requestMatchers("/toLogin", "/login/doLogin","/code/image")
                        .permitAll()
                        .anyRequest().authenticated());

        //关闭csrf
        httpSecurity.csrf(csrf -> csrf.disable());
        //允许前端跨域访问
        //httpSecurity.cors(cors -> cors.disable());


        //配置退出的handler
        httpSecurity.logout(handler -> handler.logoutSuccessHandler(appLogoutSuccessHandler));

        return httpSecurity.build();
    }
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
